Uneek_Mo
1 Copper

Help is much appreciated! Hijackthis log...

Hi,
Thanks for looking. I have a Dell Dimension 8300 Desktop, and it seems that it has become hijacked (Spyware). While surfin' the net, all of a sudden, pop-ups GALORE! And not just one here and one there, they were coming in one on top of the other, too fast to click off, until there were about 30+ windows open and my comp would freeze. I downloaded Ad-Aware SE, ran that a few times... ran my McAfee Virus scan a few times, would re-boot afterwards, but the pop-ups seemed to have kept re-installing themselves every time. Also, when I go to Add/Remove Programs, there are some there that just can't be removed, and now there's a bunch of new stuff in there and I'm not sure what to do. When I FINALLY got a hold of a Dell tech, she had me go to Start > Run, then do a sysconfig > Start-up > Disable All. It seemed to work (?), but I'm not sure what she had me do, if it will cause probs in the future, and also not really sure how that would have gotten rid of the spyware in my system?! I just know that it couldn't have been that simple?
 
 
Here is my Hijackthis log. Any help would be much appreciated!!!
 
Logfile of HijackThis v1.99.1
Scan saved at 10:18:09 PM, on 3/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system\eqaeeei.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Dell\Support\Alert\bin\AlertView.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://webpdp.gator.com/v3/webpdp_v3_detect.php?yic=HIC_RydiumINT
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06C33C6A-E91E-41B1-B357-471D2ED571D2} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: (no name) - {0F528D3D-21D1-4F8A-8A37-278559032C09} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: (no name) - {106A664D-C367-49C2-BE61-8534F8849266} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: SDWin32 Class - {14297B94-D3C5-42A0-8A71-A4CC515F1520} - C:\WINDOWS\System32\oonym.dll
O2 - BHO: (no name) - {14485340-14B8-4F34-9655-E498DC637581} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {2CD44EF8-F2B2-4399-969A-55504F9E1312} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: (no name) - {34C37B35-FF56-490A-812D-69EF3F507C05} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: (no name) - {43A3A8FC-0E06-4CB8-B133-071F47F53779} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: MSW.cIExplorer - {4B57B77A-B130-4EB8-8CFB-42B880F6D311} - C:\Documents and Settings\All Users\Application Data\msw\MSW.dll
O2 - BHO: SDWin32 Class - {4E010239-387A-4B77-BD8B-83CA1AACE907} - C:\WINDOWS\System32\rlkxh.dll
O2 - BHO: CAUN Object - {59F12660-2B92-4554-98F9-87295AD8A0CE} - C:\WINDOWS\System32\AUNBHO.dll
O2 - BHO: (no name) - {5B703AAE-2461-4E1B-B491-BB31D0E092A8} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: (no name) - {5B87F88A-8CFD-4D33-B5EB-8C8AD2284554} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7944948A-DECF-4B37-95ED-8856B5E0E55D} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: (no name) - {7F5ED8EC-C621-49FA-8583-E2493D2FB36B} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: (no name) - {A4BFD7F4-6524-4CA1-8F2C-86022CB0DC17} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: SDWin32 Class - {B48B87DD-36DD-4F22-BC64-3F5D7FF9A66B} - C:\WINDOWS\System32\lmyog.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: SDWin32 Class - {CA8F55E3-EB39-453B-B69E-1F4726A2C59F} - C:\WINDOWS\System32\pcsfm.dll
O2 - BHO: (no name) - {CD31DD42-0F66-4CD1-BA71-C11D16C652E7} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: (no name) - {DA735102-10DD-4C75-B1D5-06279E4E6C87} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: (no name) - {F234A8CB-3264-47AC-83B5-0B836216CF05} - C:\Program Files\ym1172no\ym1172no.dll
O2 - BHO: (no name) - {F3942629-1B86-40B9-85E2-D31555BF8B39} - C:\Program Files\ym1172no\ym1172no.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGam! eLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstall...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -! http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60DCC13E-D878-4FE3-BFDA-B7FD76D58B8D}: NameServer = 206.13.29.12 206.13.30.12
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ZE! SOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
 

Message Edited by Uneek_Mo on 03-11-2005 05:38 PM

0 Kudos
2 Replies
jamez kann
4 Tellurium

Re: Help is much appreciated! Hijackthis log...

1. One of the main reasons you could be hit by a virus/spyware is because your Windows XP is unpatched/outdated (notice Windows XP SP1; the fully patched, up-to-date Windows XP is Windows XP SP2).
Turn on Automatic Updates for me.
http://protect.microsoft.com/security/protect/WSA/en/default.asp
Order the free Windows XP2 update CD
http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx
If you are having problems with your computer after installing Windows XP SP2, please visit our online support center. You can also call (888) SP2HELP or (888) 772-4357 (United States and Canada only).
Get Windows XP Service Pack 2 with advanced security technologies
Windows XP Service Pack 2 (SP2) provides better protection against viruses, hackers, and worms, and includes Windows Firewall, Pop-up Blocker for Internet Explorer, and the new Windows Security Center.
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx
2. Run the online anti-virus scans (instructions on how to run the online virus scans: http://forums.thatcomputerguy.us/index.php?showtopic=5122 ).
4. Click on the link "Essential spyware removal steps and other hijackthis help forums" below and follow all the instructions (Step 1-5).
5. Install Microsoft's anti-spyware software from the link below.
6. Start using Firefox instead of Internet Explorer: click on the link "Get Firefox" below and download/install and run it.
7. Repost the HijackThis log (here or in chrisrlgs forum) so the experts can help you remove the remaining nasty spyware.
0 Kudos
Uneek_Mo
1 Copper

Re: Help is much appreciated! Hijackthis log...

I will try all of this, and report back. Thanks so much!!
0 Kudos